Reply to: Infected USB key 2016-09-08T13:17:50+00:00
lechatlilas85

The “Club des Cinq” program contains all of the family's folders (texts, images, videos…)…
To run ZHPFix, I had to disable Avast, which was blocking it from launching.
Here is the report:

Script ZHPFix
ShortcutFix
[MD5.177E24726F38D24B10532D7DDEE0DCC7] – (…) — C:UsersLe Club des CinqAppDataRoamingcacaowebcacaoweb.exe [454656] [PID.3240] =>PUP.CacaoWeb
G2 – GCE: Preference [User DataDefault] [leahdjjpjmnamomgpojikeapflgbmjab] cacaoweb v.1.16 (Désactivé) =>PUP.CacaoWeb
G2 – GCE: Preference [User DataDefault] [licjnkifamhpbaefhdpacpmihicfbomb] PricePeep v.2.1.293.0 (Désactivé) =>Adware.PricePeep
G2 – GCE: Preference [User DataDefault] [ndibdjnfmopecpmkdieinmbadjfpblof] AVG Secure Search v.13.2.0.4 (Désactivé) =>Toolbar.AVGSearch
O3 – Toolbar: (no name) [64Bits] – [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline => Toolbar.Avast
O3 – ToolbarWebBrowser: (no name) [64Bits] – [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline => Toolbar.Norton
O4 – GSQuickLaunch [Le Club des Cinq]: Spybot – Search & Destroy.lnk . (.Safer Networking Limited – Spybot – Search & Destroy.) — C:Program Files (x86)Spybot – Search & DestroySpybotSD.exe => Safer Networking Ltd – Spybot S&D
O4 – HKLM..Run: [EzPrint] . (.Lexmark International Inc. – Lexmark Fast Pics Application.) — C:Program Files (x86)Lexmark 2300 Seriesezprint.exe
O4 – HKCU..Run: [cacaoweb] . (…) — C:UsersLe Club des CinqAppDataRoamingcacaowebcacaoweb.exe =>PUP.CacaoWeb
O4 – HKUSS-1-5-21-930800744-3864487761-3431598712-1000..Run: [cacaoweb] . (…) — C:UsersLe Club des CinqAppDataRoamingcacaowebcacaoweb.exe =>PUP.CacaoWeb
[HKCUSoftwarecacaoweb] =>PUP.CacaoWeb
O43 – CFD: 17/11/2013 – 15:41:49 – [0,449] —-D C:UsersLe Club des CinqAppDataRoamingcacaoweb =>PUP.CacaoWeb
O61 – LFC: 16/11/2013 – 17:27:58 —A- . (…) — C:UsersLe Club des CinqAppDataRoamingcacaowebcacaoweb.crx [15838] =>PUP.CacaoWeb
O61 – LFC: 16/11/2013 – 17:27:58 —A- . (…) — C:UsersLe Club des CinqAppDataRoamingcacaowebcacaoweb.exe [454656] =>PUP.CacaoWeb
O61 – LFC: 16/11/2013 – 17:28:17 —A- . (…) — C:UsersLe Club des CinqDownloadscacaoweb.exe [454656] =>PUP.CacaoWeb
O61 – LFC: 19/11/2013 – 17:27:58 —A- . (…) — C:UsersLe Club des CinqAppDataRoamingcacaowebnpdfile.dat [94] =>PUP.CacaoWeb
O61 – LFC: 19/11/2013 – 17:27:58 —A- . (…) — C:UsersLe Club des CinqAppDataRoamingcacaowebstorage.db [25] =>PUP.CacaoWeb
O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – => Toolbar.Bing
O69 – SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} – (eBay) – =>Toolbar.eBay
[MD5.177E24726F38D24B10532D7DDEE0DCC7] [SPRF][19/11/2013] (…) — C:UsersLe Club des CinqDesktopcacaoweb.exe [454656] =>PUP.CacaoWeb
O87 – FAEL: “TCP Query User{9D8884E6-E99C-4C5A-A4E3-3D1F8B886137}C:usersle club des cinqappdataroamingcacaowebcacaoweb.exe” | In – Private – P6 – TRUE | .(…) — C:usersle club des cinqappdataroamingcacaowebcacaoweb.exe =>PUP.CacaoWeb
O87 – FAEL: “UDP Query User{CFAD8856-E3FD-44A8-9D84-AB40B655FFE9}C:usersle club des cinqappdataroamingcacaowebcacaoweb.exe” | In – Private – P17 – TRUE | .(…) — C:usersle club des cinqappdataroamingcacaowebcacaoweb.exe =>PUP.CacaoWeb
O87 – FAEL: “{48837DD2-5C86-4054-AF42-5D06F9CBA17D}” |In – Public – P6 – TRUE | .(…) — C:ProgramDataeSafeeGdpSvc.exe (.not file.) =>PUP.eSafeSecurity
O87 – FAEL: “{69446489-FDBF-4134-8AD4-1E40F599DFAF}” |In – None – P6 – TRUE | .(…) — C:Program Files (x86)WinZip Driver Updaterwinzipdu.exe (.not file.) => Fichier absent
SR – | Auto 26/01/2009 1153368 | (SBSDWSCService) . (.Safer Networking Ltd..) – C:Program Files (x86)Spybot – Search & DestroySDWinSec.exe => Safer Networking Ltd – Spybot S&D
[HKLMSoftwareGoogleChromeExtensionsleahdjjpjmnamomgpojikeapflgbmjab] =>PUP.CacaoWeb^
[HKLMSoftwareGoogleChromeExtensionslicjnkifamhpbaefhdpacpmihicfbomb] =>Adware.PricePeep^
[HKLMSoftwareGoogleChromeExtensionsndibdjnfmopecpmkdieinmbadjfpblof] =>Toolbar.AVGSearch^
[HKLMSoftwareWow6432NodeMicrosoftWindowsCurrentVersionExtPreApproved{151867D5-7359-40AF-8764-66E58D06283C}] =>Toolbar.Agent
[HKCUSoftwarecacaoweb] =>PUP.CacaoWeb
[HKLMSoftwareWow6432NodeMicrosoftTracingBingBar_RASAPI32] =>Toolbar.Bing
[HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKCUSOFTWAREMicrosoftWindowsCurrentVersionRun]:cacaoweb =>PUP.CacaoWeb^
C:UsersLe Club des CinqAppDataLocalGoogleChromeUser DataDefaultExtensionsleahdjjpjmnamomgpojikeapflgbmjab =>PUP.CacaoWeb^
C:UsersLe Club des CinqAppDataLocalGoogleChromeUser DataDefaultExtensionslicjnkifamhpbaefhdpacpmihicfbomb =>Adware.PricePeep^
C:UsersLe Club des CinqAppDataLocalGoogleChromeUser DataDefaultExtensionsndibdjnfmopecpmkdieinmbadjfpblof =>Toolbar.AVGSearch^
C:UsersLe Club des CinqAppDataRoamingcacaoweb =>PUP.CacaoWeb^
C:UsersLe Club des CinqAppDataRoamingcacaowebcacaoweb.exe =>PUP.CacaoWeb^
C:UsersLe Club des CinqDesktopcacaoweb.exe =>PUP.CacaoWeb^
C:UsersLe Club des CinqDownloadscacaoweb.exe =>PUP.CacaoWeb
EmptyCLSID
Emptytemp
EmptyFlash